A typical classified document. Page 13 of a U.S. National Security Agency report[1] on the USS Liberty incident, partially declassified and released to the public in July 2004. The original overall classification of the page, "top secret", and the Special Intelligence code word "umbra", are shown at top and bottom. The classification of individual paragraphs and reference titles is shown in parentheses—there are six different levels on this page alone. Notations with leader lines at top and bottom cite statutory authority for not declassifying certain sections.

Classified information is material that a government body claims is sensitive information that requires protection of confidentiality, integrity, or availability. Access is restricted by law or regulation to particular groups of people, and mishandling can incur criminal penalties and loss of respect. A formal security clearance is often required to handle classified documents or access classified data. The clearance process usually requires a satisfactory background investigation. Documents and other information assets are typically marked with one of several (hierarchical) levels of sensitivity—e.g. restricted, confidential, secret and top secret. The choice of level is often based on an impact assessment; governments often have their own set of rules which include the levels, rules on determining the level for an information asset, and rules on how to protect information classified at each level. This often includes security clearances for personnel handling the information. Although "classified information" refers to the formal categorization and marking of material by level of sensitivity, it has also developed a sense synonymous with "censored" in US English. A distinction is often made between formal security classification and privacy markings such as "commercial in confidence". Classifications can be used with additional keywords that give more detailed instructions on how data should be used or protected.

Some corporations and non-government organizations also assign sensitive information to multiple levels of protection, either from a desire to protect trade secrets, or because of laws and regulations governing various matters such as personal privacy, sealed legal proceedings and the timing of financial information releases.

The purpose of classification is to protect information. Higher classifications protect information that might endanger national security. Classification formalises what constitutes a "state secret" and accords different levels of protection based on the expected damage the information might cause in the wrong hands.

However, classified information is frequently "leaked" to reporters by officials for political purposes. Several U.S. presidents have leaked sensitive information to get their point across to the public.[2][3]

KGB traitors list seen in Museum of Genocide Victims Vilnius: originally marked top secret

Top secret is the highest level of classified information.[4] Information is further compartmented so that specific access using a code word after top secret is a legal way to hide collective and important information.[5] Such material would cause "exceptionally grave damage" to national security if made publicly available.[6] Prior to 1942, the UK and other members of the British Empire used Most Secret, but this was changed to match the US's Top Secret to simplify Allied interoperability.

The Washington Post reports in an investigation entitled Top secret America, that per 2010 "An estimated 854,000 people ... hold top-secret security clearances" in the United States.[7]

“It is desired that no document be released which refers to experiments with humans and might have adverse effect on public opinion or result in legal suits. Documents covering such work field should be classified 'secret'.”

April 17, 1947 Atomic Energy Commission memo from Colonel O.G. Haywood, Jr. to Dr. Fidler at the Oak Ridge Laboratory in Tennessee.[8] As of 2010, Executive Order 13526 bans classification of documents simply to "conceal violations of law, inefficiency, or administrative error" or "prevent embarrassment to a person, organization, or agency".[9]

Secret material would cause "serious damage" to national security if it were publicly available.[10]

In the United States, operational "Secret" information can be marked with an additional "LIMDIS", to limit readership.

Restricted material would cause "undesirable effects" if publicly available.[11] Some countries do not have such a classification; in public sectors, such as commercial industries, such level are also called and known as "Private Information".

Official material forms the generality of government business, public service delivery and commercial activity. This includes a diverse range of information, of varying sensitivities, and with differing consequences resulting from compromise or loss. OFFICIAL information must be secured against a threat model that is broadly similar to that faced by a large private company.

The OFFICIAL classification replaces the Confidential and Restricted classifications after April 2014 in the UK.[12]

Unclassified is technically not a classification level, but this is a feature of some classification schemes, used for government documents that do not merit a particular classification. This is because the information is low-impact, and therefore does not require any special protection, such as vetting of personnel.

Clearance is a general classification, that comprises a variety of rules controlling the level of permission required to view so classified information, and how it must be stored, transmitted, and destroyed. Additionally, access is restricted on a "need to know" basis. Simply possessing a clearance does not automatically authorize the individual to view all material classified at that level or below that level. The individual must present a legitimate "need to know" in addition to the proper level of clearance.

In addition to the general risk-based classification levels, additional compartmented constraints on access exist, such as (in the U.S.) Special Intelligence (SI), which protects intelligence sources and methods, No Foreign dissemination (NOFORN), which restricts dissemination to U.S. nationals, and Originator Controlled dissemination (ORCON), which ensures that the originator can track possessors of the information. Information in these compartments is usually marked with specific keywords in addition to the classification level.

Government information about nuclear weapons often has an additional marking to show it contains such information (CNWDI).

When a government agency or group shares information between an agency or group of other country’s government they will generally employ a special classification scheme that both parties have previously agreed to honour.

For example the marking ATOMAL, is applied to U.S. RESTRICTED DATA or FORMERLY RESTRICTED DATA and United Kingdom ATOMIC information that has been released to NATO. ATOMAL information is marked COSMIC TOP SECRET ATOMAL (CTSA), NATO SECRET ATOMAL (NSAT), or NATO CONFIDENTIAL ATOMAL (NCA).

For example, sensitive information shared amongst NATO allies has four levels of security classification; from most to least classified:

COSMIC TOP SECRET (CTS),

NATO SECRET (NS),

NATO CONFIDENTIAL (NC), and

NATO RESTRICTED (NR).

A special case exists with regard to NATO UNCLASSIFIED (NU) information. Documents with this marking are NATO property (copyright) and must not be made public without NATO permission. In general documents with this classification aren't cleared for internet-transmission either, unless clearly marked with RELEASABLE FOR INTERNET TRANSMISSION. Documents that can be made public, however, should be clearly marked with NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC.

TRÈS SECRET UE/EU TOP SECRET: information and material the unauthorised disclosure of which could cause exceptionally grave prejudice to the essential interests of the European Union or of one or more of the Member States; SECRET UE/EU SECRET: information and material the unauthorised disclosure of which could seriously harm the essential interests of the European Union or of one or more of the Member States; CONFIDENTIEL UE/EU CONFIDENTIAL: information and material the unauthorised disclosure of which could harm the essential interests of the European Union or of one or more of the Member States; RESTREINT UE/EU RESTRICTED: information and material the unauthorised disclosure of which could be disadvantageous to the interests of the European Union or of one or more of the Member States.

Most countries employ some sort of classification system for certain government information. For example, in Canada, information that the U.S. would classify SBU (Sensitive but Unclassified) is called "protected" and further subcategorised into levels A, B, and C.

On 19 July 2011, the National Security (NS) classification marking scheme and the Non-National Security (NNS) classification marking scheme in Australia was unified into one structure.

The Australian Government Security Classification system now comprises TOP SECRET, SECRET, CONFIDENTIAL and PROTECTED. A new dissemination limiting markers (DLMs) scheme was also introduced for information where disclosure may be limited or prohibited by legislation, or where it may otherwise require special handling. The DLM marking scheme comprises For Official Use Only (FOUO), Sensitive, Sensitive: Personal, Sensitive: Legal, and Sensitive: Cabinet.[15]

Documents marked Sensitive Cabinet, relating to discussions in Federal Cabinet, are treated as PROTECTED at minimum due to its higher sensitivity.

In Brazil, a top secret (Ultra-secreto) government-issued document may be classified for a period of 25 years, which may be extended up to another 25 years. Thus, no document remains classified for more than 50 years. This is mandated by the 2011 Information Access Law (Lei de Acesso à Informação), a change from the previous rule, under which documents could have their classification time length renewed indefinitely, effectively shuttering state secrets from the public. The 2011 law applies retroactively to existing documents.

There are two main type of sensitive information designation used by the Government of Canada: Classified and Protected. The access and protection of both types of information is governed by the Security of Information Act, effective December 24, 2001, replacing the Official Secrets Act 1981.[16] To access the information, a person must have the appropriate level of clearance and a need to know.

In addition, the caveat "For Canadian Eyes Only" may be used to restrict Classified or Protected information to only Canadian citizens with the appropriate level of clearance and need to know.[17]

SOI is not a classification of data per se. It is defined under the Security of Information Act, and unauthorised release of such information constitutes a higher breach of trust, with penalty of life imprisonment.

SOIs include:

military operations in respect of a potential, imminent or present armed conflict

the identity of confidential source of information, intelligence or assistance to the Government of Canada

tools used for information gathering or intelligence

the object of a covert investigation, or a covert collection of information or intelligence

the identity of any person who is under covert surveillance

encryption and cryptographic systems

information or intelligence to, or received from, a foreign entity or terrorist group

Protected information is not classified. Protected information pertains to any sensitive information that does not relate to national security and cannot be disclosed under the access and privacy legislation because of the possible injury to particular public or private interests.[18][19]

Protected C (Extremely Sensitive protected information): is used to protect extremely sensitive information, which if compromised, could reasonably be expected to cause extremely grave injury outside the national interest. Examples could include bankruptcy, identities of informants in criminal investigations, etc.

Protected B (Particularly Sensitive protected information): is used to protect information that could cause severe injury or damage to the people or group involved if it was released. Examples include medical records, annual personnel performance reviews, income tax returns, etc.

Protected A (Low-Sensitive protected information): is applied to low sensitivity information that should not be disclosed to the public without authorization and could reasonably be expected to cause injury or embarrassment outside the national interest. Example of Protected A information could include employee number, pay deposit banking information, etc.

Federal Cabinet (Queen's Privy Council for Canada) papers are either protected (i.e. overhead slides prepared to make presentations to Cabinet) or classified (draft legislation, certain memos).[20]

In France, classified information is defined by article 413-9 of the Penal Code.[23] The three levels of military classification are

Très Secret Défense (Very Secret Defence): Information deemed extremely harmful to national defense[citation needed], and relative to governmental priorities in national defense. No service or organisation can elaborate, process, stock, transfer, display or destroy information or protected supports classified at this level without authorization from the Prime Minister or the national secretary for National Defence. Partial or exhaustive reproduction is strictly forbidden.

Secret Défense (Secret Defence): Information deemed very harmful to national defense. Such information cannot be reproduced without authorisation from the emitting authority, except in exceptional emergencies.

Confidentiel Défense (Confidential Defence): Information deemed potentially harmful to national defense, or that could lead to uncovering an information classified at a higher level of security.

A further caveat, "spécial France" (reserved France) restricts the document to French citizens (in its entirety or by extracts). This is not a classification level.

Declassification of documents can be done by the Commission consultative du secret de la défense nationale (CCSDN), an independent authority. Transfer of classified information is done with double envelopes, the outer layer being plastified and numbered, and the inner in strong paper. Reception of the document involves examination of the physical integrity of the container and registration of the document. In foreign countries, the document must be transferred through specialised military mail or diplomatic bag. Transport is done by an authorised convoyer or habilitated person for mail under 20 kg. The letter must bear a seal mentioning "PAR VALISE ACCOMPAGNEE-SACOCHE". Once a year, ministers have an inventory of classified information and supports by competent authorities.

Once their usage period is expired, documents are transferred to archives, where they are either destroyed (by incineration, crushing or electrical overtension), or stored.

In case of unauthorized release of classified information, competent authorities are the Ministry of Interior, the Haut fonctionnaire de défense et de sécurité ("high civil servant for defence and security") of the relevant ministry, and the General secretary for National Defence. Violation of such secrets is an offence punishable with 7 years of imprisonment and a 100 000 Euro fine; if the offence is committed by imprudence or negligence, the penalties are 3 years of imprisonment and a 45 000 Euro fine.

The Security Bureau is responsible for developing policies in regards to the protection and handling of confidential government information. In general, the system used in Hong Kong is very similar to the UK system, developed from the Colonial Hong Kong era.

Four classifications exists in Hong Kong, from highest to lowest in sensitivity:[24]

Top Secret (高度機密)

Secret (機密)

Confidential (保密)

Temporary Confidential (臨時保密)

Restricted (限閱文件/內部文件)

Restricted (staff) (限閱文件(人事))

Restricted (tender) (限閱文件 (投標))

Restricted (administration) (限閱文件 (行政))

Restricted documents are not classified per se, but only those who have a need to know will have access to such information, in accordance with the Personal Data (Privacy) Ordinance.[25]

New Zealand uses the Restricted classification, which is lower than Confidential. People may be given access to Restricted information on the strength of an authorisation by their Head of Department, without being subjected to the background vetting associated with Confidential, Secret and Top Secret clearances. New Zealand's security classifications and the national-harm requirements associated with their use are roughly similar to those of the United States.

In addition to national security classifications there are two additional security classifications, In Confidence and Sensitive, which are used to protect information of a policy and privacy nature. There are also a number of information markings used within ministries and departments of the government, to indicate, for example, that information should not be released outside the originating ministry.

Because of strict privacy requirements around personal information, personnel files are controlled in all parts of the public and private sectors. Information relating to the security vetting of an individual is usually classified at the In Confidence level.

In Romania, classified information is referred to as "state secrets" (secrete de stat) and is defined by the Penal Code as "documents and data that manifestly appear to have this status or have been declared or qualified as such by decision of Government".[26] There are three levels of classification—Secret, Top Secret, and Top Secret of Particular Importance.[27] The levels are set by the Romanian Intelligence Service and must be aligned with NATO regulations—in case of conflicting regulations, the latter are applied with priority. Dissemination of classified information to foreign agents or powers is punishable by up to life imprisonment, if such dissemination threatens Romania's national security.[28]

In the Russian Federation, a state secret (Государственная тайна) is information protected by the state on its military, foreign policy, economic, intelligence, counterintelligence, operational and investigative and other activities, dissemination of which could harm state security.

Some Swedish examples of markings attached to documents that are to be kept secret. A single frame around the text indicates Hemlig, which can be equal to either Secret, Confidential or Restricted. Double frames means Kvalificerat hemlig, that is, Top Secret.

The Swedish classification has been updated due to increased NATO/PfP cooperation. All classified defence documents will now have both a Swedish classification (Kvalificerat hemlig or Hemlig), and an English classification (Top Secret, Secret, Confidential, or Restricted).[citation needed]. The term skyddad identitet, "protected identity", is used in the case of protection of a threatened person, basically implying "secret identity", accessible only to certain members of the police force and explicitly authorised officials.

Until 2013, the United Kingdom used five levels of classification—from lowest to highest, they were: PROTECT, RESTRICTED, CONFIDENTIAL, SECRET and TOP SECRET (formerly MOST SECRET). The Cabinet Office provides guidance on how to protect information, including the security clearances required for personnel. Staff may be required to sign to confirm their understanding and acceptance of the Official Secrets Acts 1911 to 1989, although the Act applies regardless of signature. PROTECT is not in itself a security protective marking level (such as RESTRICTED or greater), but is used to indicate information which should not be disclosed because, for instance, the document contains tax, national insurance, or other personal information.

Government documents without a classification may be marked as UNCLASSIFIED or NOT PROTECTIVELY MARKED.[29]

The U.S. classification system is currently established under Executive Order 13526 and has three levels of classification—Confidential, Secret, and Top Secret. The U.S. had a Restricted level during World War II but no longer does. U.S. regulations state that information received from other countries at the Restricted level should be handled as Confidential. A variety of markings are used for material that is not classified, but whose distribution is limited administratively or by other laws, e.g., For Official Use Only (FOUO), or Sensitive but Unclassified (SBU). The Atomic Energy Act of 1954 provides for the protection of information related to the design of nuclear weapons. The term "Restricted Data" is used to denote certain nuclear technology. Information about the storage, use or handling of nuclear material or weapons is marked "Formerly Restricted Data". These designations are used in addition to level markings (Confidential, Secret and Top Secret). Information protected by the Atomic Energy Act is protected by law and information classified under the Executive Order is protected by Executive privilege.

The U.S. government insists it is “not appropriate” for a court to question whether any document is legally classified.[30] In the 1973 trial of Daniel Ellsberg for releasing the Pentagon Papers, the judge did not allow any testimony from Ellsberg, claiming it was "irrelevant", because the assigned classification could not be challenged. The charges against Ellsberg were ultimately dismissed after it was revealed that the government had broken the law in secretly breaking into the office of Ellsberg's psychiatrist and in tapping his telephone without a warrant. Ellsberg insists that the legal situation in the U.S. today is worse than it was in 1973, and Edward Snowden could not get a fair trial.[31] The State Secrets Protection Act of 2008 might have given judges the authority to review such questions in camera, but the bill was not passed.[30]

Table of equivalent classification markings in various countries[edit]

Original source: NISPOM Appendix B[34] ¹ In addition, Finland uses label Salassa pidettävä, "to be kept secret" for information that is not classified but must not be revealed on some other basis than national security. (E.g. privacy, trade secrets etc.)

Private corporations often require written confidentiality agreements and conduct background checks on candidates for sensitive positions.[35] In the U.S. the Employee Polygraph Protection Act prohibits private employers from requiring lie detector tests, but there are a few exceptions. Policies dictating methods for marking and safeguarding company-sensitive information (e.g. "IBM Confidential") are common and some companies have more than one level. Such information is protected under trade secret laws. New product development teams are often sequestered and forbidden to share information about their efforts with un-cleared fellow employees, the original Apple Macintosh project being a famous example. Other activities, such as mergers and financial report preparation generally involve similar restrictions. However, corporate security generally lacks the elaborate hierarchical clearance and sensitivity structures and the harsh criminal sanctions that give government classification systems their particular tone.

The Traffic Light Protocol[36][37] was developed by the G8 countries to enable the sharing of sensitive information between government agencies and corporations. This protocol has now been accepted as a model for trusted information exchange by over 30 other countries. The protocol provides for four "information sharing levels" for the handling of sensitive information.